// no direct access
defined('_VALID_MOS') or die('Restricted access');
// ensure user has access to this function
if (!$acl->acl_check('administration', 'manage', 'users', $my->usertype, 'components', 'com_massmail')) {
mosRedirect('index2.php', _NOT_AUTH);
}
require_once $mainframe->getPath('admin_html');
switch ($task) {
case 'send':
sendMail();
break;
case 'cancel':
mosRedirect('index2.php');
break;
default:
messageForm($option);
break;
}
function messageForm($option)
{
global $acl;
$gtree = array(mosHTML::makeOption(0, '- All User Groups -'));
// get list of groups
$lists = array();
$gtree = array_merge($gtree, $acl->get_group_children_tree(null, 'USERS', false));
$lists['gid'] = mosHTML::selectList($gtree, 'mm_group', 'size="10"', 'value', 'text', 0);
HTML_massmail::messageForm($lists, $option);
}
function sendMail()
{
global $database, $my, $acl;
$data['message'] = stripslashes($row['message']);
$data['messageID'] = $_POST['message_id'];
$data['button'] = array("name" => "update", "value" => "Update", "class" => "submit");
/** now get courses for **/
if ($lev == 3) {
$sql = "SELECT course_id from message2course where message_id=" . $_POST['message_id'];
$result = $db->query($sql);
$courses = array();
if ($result) {
while ($row = $result->fetch_assoc()) {
array_push($courses, $row['course_id']);
}
}
$data['forCourses'] = $courses;
}
$main .= messageForm($data);
}
if (isset($_POST['update_message'])) {
$start = $_POST['startYear'] . "-" . $_POST['startMonth'] . "-" . $_POST['startDay'];
$end = $_POST['endYear'] . "-" . $_POST['endMonth'] . "-" . $_POST['endDay'];
$message = makeSQLsafe($_POST['message']);
$current_courses = array();
$future_courses = array();
$insert = array();
$remove = array();
while (list($var, $value) = each($_POST)) {
if (substr($var, 0, 4) == "cid_") {
array_push($future_courses, $value);
}
}
if ($_POST['message_id'] == -1) {
